USAA “Incoming Payment Transfer” Phishing Scam Email

Outline:
Email purporting to be from financial services group USAA claims that you have an incoming payment transfer on hold and you must click a link to verify the payment.

Brief Analysis:
The email is not from USAA. In fact, it is a phishing scam designed to steal private information from USAA customers. Links in the message open a fraudulent website that asks you to submit personal and financial information.

Example:Subject: You Have An Incoming Payment Transfer

Dear USAA Customer,

You have a new incoming payment transfer on hold. For security reasons, We need to verify the sender and receiver of the payment.A quick verification of your USAA account is required as a means to approve the incoming payment transfer. Your money will be posted into your account within 2-4 business days.

Approve Your Payment
We appreciate your business and co-operation with us.

Thank you,
USAA

Detailed Analysis:
This email, which purports to be from the United Services Automobile Association (USAA), claims that you have a new incoming payment transfer on hold. Supposedly, USAA needs to verify the sender and receiver of the payment.

The email instructs recipients to click an “Approve Your Payment” button to complete the verification. The message features seemingly official USAA logos, formatting and links.

However, the email is not from the USAA. The email is a phishing scam designed to trick USAA customers into submitting personal information to Internet criminals. Those who fall for the ruse and click on the link in the scam email will be taken to a bogus website that asks them to log on to their USAA account. They will next be taken to a fake form that asks them to provide a raft of personal information, including their USAA credit card number, pin, security code and other identity details. The criminals operating the scam can collect the information submitted on the bogus website and use it to commit credit card fraud and identity theft.

Phishing scams of this nature are very common and target customers of many financial institutions and service providers all around the world. Scammers use many and varied tricks to try to entice their intended victims into submitting their personal and financial information. Any unsolicited email that claims that you need to update personal information urgently by clicking a link or opening an attached file should be treated as suspicious.